Company data from one of the contractors of Saudi Aramco, the most valuable oil producer of the world, was leaked, the Saudi oil giant has confirmed. Such leaked data is now reportedly being used for an attempted extortion of $50milion from the oil company.
There have been long term criticisms of the global oil and gas industry not investing enough in cyber security.
A ransomware cyber-attack hit the Colonial Pipeline in the United States in May.
Aramco “recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors”, the Saudi company informed the media in an emailed statement.
Nothing about which contractor was affected ore whether the contractor had been hacked or if the data had been leaked in any other way was confirmed by the Saudi Arabian energy giant.
“We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture,” the firm said.
One terabyte, or 1,000 gigabytes, of Aramco’s data was being held by extortionists, claimed a report by the Associated Press (AP), based on data from a page on the darknet which is a part of the internet that lies within an encrypted network and people can access this protion only through specialised anonymity-providing tools.
The page offered to delete the data in exchange for $50m in cryptocurrency, said the AP report, even though there was no information about who or which group was behind the ransom incident.
There were no comments available from Aramco on the AP report.
According to experts, over many years, not enough investment had been made in cyber security by companies in the oil and gas industry, which includes firms that own and operates oil and gas wells, pipelines and refineries.
Saudi Aramco has faced cyber security threats on previous occasions when its data was hacked. The so-called Shamoon virus had hit the computer network of the company in 2012.
The vulnerabilities of the energy industry’s computer systems were further exposed this year from the cyber attack on the Colonial Pipeline in the US.
(Adapted from BBC.com)